Deep Discovery Email Inspector prevents spear-phishing attacks and cyber threats, and provides Business Email Compromise (BEC) protection by investigating suspicious links, file attachments, and social engineering attack patterns in email messages before they can threaten your network. Designed to integrate into your existing email network topology, Deep Discovery Email Inspector can act as a mail transfer agent in the mail traffic flow (MTA mode) or as an out-of-band appliance (BCC mode or SPAN/TAP mode) monitoring your network for cyber threats and unwanted spam messages.
Whichever deployment method is chosen, Deep Discovery Email Inspector investigates email messages for suspicious file attachments, embedded links (URLs), spam, content violations, and characteristics. If an email message exhibits malicious behavior, Deep Discovery Email Inspector can block the email message and notify security administrators about the malicious activity.
After Deep Discovery Email Inspector scans an email message for known threats in the Trend Micro Smart Protection Network, it passes suspicious files and URLs to the Virtual Analyzer sandbox environment for simulation. Virtual Analyzer opens files, including password-protected archives and document files, and accesses URLs to test for exploit code, Command & Control (C&C) and botnet connections, and other suspicious behaviors or characteristics.
After investigating email messages, Deep Discovery Email Inspector assesses the risk using multi-layered threat analysis. Deep Discovery Email Inspector calculates the risk level based on the highest risk or spam score assigned by the Deep Discovery Email Inspector email scanners, Virtual Analyzer, or Trend Micro Smart Protection Network.
Deep Discovery Email Inspector acts upon email messages according to the assigned risk level or spam score, and policy settings. Configure Deep Discovery Email Inspector to block and quarantine the email message, allow the email message to pass to the recipient, strip suspicious file attachments, redirect suspicious links to blocking or warning pages, or tag the email message with a string to notify the recipient. While Deep Discovery Email Inspector monitors your network for threats or unwanted spam messages, you can access dashboard widgets and reports for further investigation.
Virtual Analyzer is a secure virtual environment that manages and analyzes objects submitted by integrated products, and administrators and investigators (through SSH). Custom sandbox images enable observation of files, URLs, registry entries, API calls, and other objects in environments that match your system configuration.
Virtual Analyzer performs static and dynamic analysis to identify an object's notable characteristics in the following categories:
Anti-security and self-preservation
Autostart or other system configuration
Deception and social engineering
File drop, download, sharing, or replication
Hijack, redirection, or data theft
Malformed, defective, or with known malware traits
Process, service, or memory object change
Suspicious network or messaging activity
During analysis, Virtual Analyzer rates the characteristics in context and then assigns a risk level to the object based on the accumulated ratings. Virtual Analyzer also generates analysis reports, suspicious object lists, PCAP files, and OpenIOC files that can be used in investigations.
The Advanced Threat Scan Engine (ATSE) uses a combination of pattern-based scanning and heuristic scanning to detect document exploits and other threats used in targeted attacks.
Major features include:
Detection of zero-day threats
Detection of embedded exploit code
Detection rules for known vulnerabilities
Enhanced parsers for handling file deformities
Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital DNA fingerprinting, API mapping, and other file features.
After detecting an unknown or low-prevalence file, the Deep Discovery Email Inspector scans the file using the Advanced Threat Scan Engine (ATSE) to extract file features and sends the report to the Predictive Machine Learning engine, hosted on the Trend Micro Smart Protection Network. Through use of malware modeling, Predictive Machine Learning compares the sample to the malware model, assigns a probability score, and determines the probable malware type that the file contains.
Deep Discovery Email Inspector can attempt to "Quarantine" the affected file to prevent the threat from continuing to spread across your network.
Predictive Machine Learning is a powerful tool that helps protect your environment from unidentified threats and zero-day attacks.
With one of the largest domain-reputation databases in the world, Trend Micro web reputation technology tracks the credibility of web domains by assigning a reputation score based on factors such as a website's age, historical location changes and indications of suspicious activities discovered through malware behavior analysis, such as phishing scams that are designed to trick users into providing personal information. To increase accuracy and reduce false positives, Trend Micro Web Reputation Services assigns reputation scores to specific pages or links within sites instead of classifying or blocking entire sites, since often, only portions of legitimate sites are hacked and reputations can change dynamically over time.
Social Engineering Attack Protection detects suspicious behavior related to social engineering attacks in email messages. When Social Engineering Attack Protection is enabled, Deep Discovery Email Inspector scans for suspicious behavior in several parts of each email transmission, including the email header, subject line, body, attachments, and the SMTP protocol information.
Trend Micro Apex Central™ is a central management console that manages Trend Micro products and services at the gateway, mail server, file server, and corporate desktop levels. The Apex Central web-based management console provides a single monitoring point for managed products and services throughout the network.
Apex Central allows system administrators to monitor and report on activities such as infections, security violations, or virus entry points. System administrators can download and deploy components throughout the network, helping ensure that protection is consistent and up-to-date. Apex Central allows both manual and pre-scheduled updates, and the configuration and administration of products as groups or as individuals for added flexibility.
Trend Micro Deep Discovery Director is an on-premises management solution that enables centralized deployment of product updates, product upgrades, and Virtual Analyzer images to Deep Discovery products, as well as configuration replication and log aggregation for Deep Discovery products. To accommodate different organizational and infrastructural requirements, Deep Discovery Director provides flexible deployment options such as distributed mode and consolidated mode.
For more information, see the Deep Discovery Director Administrator's Guide.